The present application is directed to computer-implemented methods and systems for implementing Virtual Private Network (VPN) policies created or modified by Software Defined Network (SDN) applications. The VPN policies can be provided to SDN controllers for implementation.
Legal claims defining the scope of protection, as filed with the USPTO.
1. A computer-implemented method for VPN policy implementation by a Software Defined Network (SDN) application, comprising: receiving, at a SDN application, a request from user equipment to establish a virtual private network (VPN); transmitting, using the SDN application, the request to a VPN provider; obtaining, at the SDN application and from the VPN provider, VPN server credentials for a VPN; generating, using the SDN application, a security policy related to network traffic associated with the VPN; converting, using the SDN application, the security policy to an OpenFlow table; and transmitting, using the SDN application and OpenFlow protocols, the OpenFlow table to a SDN controller, wherein a security rule based on the OpenFlow table is enforced by a network element in communication with the SDN controller.
2. The computer-implemented method of claim 1, further comprising: receiving an alert, at the SDN application, from the network element based on a conflict with the security rule.
3. The computer-implemented method of claim 1, wherein the VPN is a dynamic VPN.
4. The computer-implemented method of claim 3, wherein the VPN server is dynamically updated based on a conflict with the security rule.
5. The computer-implemented method of claim 1, further comprising: monitoring, using the SDN application, network traffic information related to the VPN.
6. The computer-implemented method of claim 5, further comprising: analyzing, using the SDN application, the network traffic related to the VPN, wherein the security policy is based on analysis of the network traffic related to the VPN.
7. The computer-implemented method of claim 5, further comprising: analyzing, using the SDN application, the network traffic related to the VPN, wherein a conflict with the security rule is identified based on matching, within the network traffic related to the VPN, a pattern defined in the OpenFlow table.
8. The computer-implemented method of claim 1, wherein the network element includes a hybrid router, wherein the hybrid router is configured to communicate by conventional and the OpenFlow protocols.
9. The computer-implemented method of claim 1, wherein the OpenFlow table includes at least one OpenFlow Table Type Pattern (TTP).
10. The computer-implemented method of claim 1, wherein the OpenFlow table includes at least one OpenFlow Multi-Flow Table (MFT).
11. A computer-implemented system for VPN policy implementation by a Software Defined Networking (SDN) application comprising: a non-transitory memory having instructions stored thereon for implementing elements for network traffic control by the SDN application; and a processor operatively coupled to the memory and configured to execute the instructions thereby effectuating: one or more interfaces communicatively coupling the SDN application with user equipment and a virtual private network (VPN) provider, wherein the SDN application is configured to receive a request from the user equipment to establish a VPN, wherein the SDN application is configured to transmit the request to a VPN provider, and wherein the SDN application is configured to obtain VPN server credentials for the VPN from the VPN provider; a policy generation module of the SDN application configured to generate a security policy related to network traffic associated with the VPN; a policy conversion module of the SDN application configured to convert the security policy to an OpenFlow table configured for use by a SDN controller; and a controller communication module of the SDN application configured to provide, via OpenFlow protocols, the OpenFlow table to the SDN controller, wherein a security rule based on the OpenFlow table is enforced by a network element in communication with the SDN controller.
12. The computer-implemented system of claim 11, wherein the non-transitory memory stores instructions that when executed by the processor are configured to effectuate: an authentication module of the SDN application configured to authenticate the SDN application to the SDN controller.
13. The computer-implemented system of claim 11, wherein the VPN is a dynamic VPN.
14. The computer-implemented system of claim 11, wherein the network element includes a hybrid router, wherein the hybrid router is configured to communicate by conventional and the OpenFlow protocols.
15. The computer-implemented system of claim 11, wherein the OpenFlow table includes at least one OpenFlow Table Type Pattern (TTP).
16. The computer-implemented system of claim 11, wherein the OpenFlow table includes at least one OpenFlow Multi-Flow Table (MFT).
17. The computer-implemented system of claim 11, wherein the non-transitory memory stores instructions that when executed by the processor are configured to effectuate: a monitor module of the SDN application configured to monitor network traffic associated with the VPN.
18. The computer-implemented system of claim 17, wherein the non-transitory memory stores instructions that when executed by the processor are configured to effectuate: an analysis module of the SDN application configured to identify anomalous traffic within the network traffic associated with the VPN, wherein the security policy is based on the anomalous traffic.
19. The computer-implemented system of claim 17, wherein the non-transitory memory stores instructions that when executed by the processor are configured to effectuate: an analysis module of the SDN application configured to analyze the network traffic associated with the VPN, wherein a conflict with the security rule is identified based on matching, within the network traffic associated with the VPN, a pattern defined in the OpenFlow table.
20. A system, comprising: a non-transitory memory having instructions stored thereon; and a processor operatively coupled to the memory, wherein execution of the instructions by the processor causes: receiving, at a SDN application, a request from user equipment to establish a virtual private network (VPN); transmitting, using the SDN application, the request to a VPN provider; obtaining, at the SDN application and from the VPN provider, VPN server credentials for a VPN; generating, using the SDN application, a security policy related to network traffic associated with the VPN; converting, using the SDN application, the security policy to an OpenFlow table; and transmitting, using the SDN application and OpenFlow protocols, the OpenFlow table to a SDN controller, wherein a security rule based on the OpenFlow table is enforced by a network element in communication with the SDN controller.
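As an added illustration (not code from the patent or its applicant), the following Python model walks through the steps of claims 1, 2 and 7: a hypothetical SDN application generates a security policy for a newly established VPN, converts it into OpenFlow-style flow entries with priorities, and raises an alert when monitored traffic matches a drop rule. All function names, match-field names, addresses and the tunnel port are assumptions chosen for the example.

```python
# Added example, not the patent's code: policy -> OpenFlow-style table -> conflict alerts.
from dataclasses import dataclass
PROTO = {"tcp": 6, "udp": 17}   # IP protocol numbers for the nw_proto match field

@dataclass(frozen=True)
class FlowEntry:
    priority: int   # higher wins, as in an OpenFlow flow table
    match: dict     # OpenFlow-style match fields (nw_src, nw_dst, nw_proto, tp_dst)
    action: str     # "FORWARD" or "DROP"

def generate_policy(client_ip, vpn_server_ip, vpn_port, proto="udp"):
    """Security policy: the client may talk only to the VPN server's tunnel port."""
    return {"allow": [{"src": client_ip, "dst": vpn_server_ip,
                       "proto": proto, "dport": vpn_port}],
            "restricted_src": client_ip, "default": "DROP"}

def policy_to_openflow(policy):
    """Convert the policy to flow entries: explicit allows, then a low-priority drop."""
    entries = [FlowEntry(100, {"nw_src": r["src"], "nw_dst": r["dst"],
                               "nw_proto": PROTO[r["proto"]], "tp_dst": r["dport"]},
                         "FORWARD") for r in policy["allow"]]
    entries.append(FlowEntry(10, {"nw_src": policy["restricted_src"]},
                             policy["default"]))
    return sorted(entries, key=lambda e: -e.priority)

def lookup(table, packet):
    """Return the highest-priority entry whose match fields all equal the packet's."""
    for entry in table:
        if all(packet.get(k) == v for k, v in entry.match.items()):
            return entry
    return None   # table miss: no rule applies to this packet

def check_traffic(table, packets):
    """Enforce the table; return an alert for every packet that hits a drop rule."""
    alerts = []
    for pkt in packets:
        entry = lookup(table, pkt)
        if entry is not None and entry.action == "DROP":
            alerts.append({"packet": pkt, "rule": entry.match})
    return alerts

# constructed sample: tunnel traffic, a bypass attempt, and traffic from another host
POLICY = generate_policy("10.0.0.5", "203.0.113.7", 1194)
TABLE = policy_to_openflow(POLICY)
SAMPLE = [
    {"nw_src": "10.0.0.5", "nw_dst": "203.0.113.7", "nw_proto": 17, "tp_dst": 1194},
    {"nw_src": "10.0.0.5", "nw_dst": "198.51.100.9", "nw_proto": 6, "tp_dst": 443},
    {"nw_src": "10.0.0.9", "nw_dst": "198.51.100.9", "nw_proto": 6, "tp_dst": 80},
]
```

Running `check_traffic(TABLE, SAMPLE)` yields one alert, for the second packet, which is the client-side traffic that bypasses the tunnel and so conflicts with the security rule.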
October 29, 2018
April 28, 2020